User-Friendly Security Solutions for Grid Environments
This EPSRC-funded project runs for three years, from 2006 to 2009. It aims
to provide lightweight and usable security solutions for computational grid
environments. In this context, we use the term "lightweight" to mean that the
solution is easy to deploy in a scalable fashion, is easy to maintain, and
is not overly complex for the administrator or users to understand and use.
We use the term "usable" to mean that the user (subjectively)
feels that the software has successfully fulfilled their requirements for
that software -- this includes considerations such as ease of use, the gradient
of the learning curve, the extent to which the software supports the user's model
of how it should be used, etc.
To access the private pages for this project please click here
Problem statement
- The security infrastructure currently deployed in most grid environments
tends to be extremely complex. It is difficult to set up, expensive to
maintain and not very scalable. The learning curve for end users and
administrators is very steep,
which seriously hinders wide adoption of grid technologies.
- Currently, the main focus of the most widely deployed security
solutions for grid environments is authentication (and related issues
such as encrypting and ensuring the integrity of protocol messages).
Authorisation requirements tend not to be well addressed, and
auditing considerations are rarely, if ever, taken into account.
Similarly, more complex security issues, such as those that arise in
the biomedical domain (e.g. trust, confidentiality, privacy, all
of which may arise in the context of secure access of medical
datasets) have yet to be adequately addressed.
- Well-understood formal security models of grid
environments are still lacking. The security of many grid systems is
undermined by invalid trust assumptions and ignorance of usability issues.
There may also be flaws in the underlying protocols.
Objectives
- Software Development
- The development of a usable lightweight authentication framework that can be
deployed in existing grid environments, smoothly interfacing with their existing
authentication framework in such a manner that authentication becomes more usable
and transparent to the end-user/application developer.
- The development of usable lightweight authorisation mechanisms that extend the
lightweight authentication framework described above to provide more sophisticated access control
than the simple "allow/deny" lists currently used in many grid environments, but
without the overheads of heavyweight solutions such as
CAS and VOMS.
- The development of robust auditing features for the security framework developed
in this project.
- Security Analysis and Modelling
- To determine and analyse the security requirements for authentication and authorisation
of the stakeholders in the RealityGrid Project and the grid environments used by that project,
using appropriate user-centred methodologies (such as AEGIS).
- To develop and formally analyse security models for grid environments that encapsulate
the security concerns of these environments as regards authentication and authorisation,
using the RealityGrid Project as an exemplar of a user community that is situated in the
relevant environments.
- To investigate and model the trust relationships and the behaviour of users and security
objects (such as credentials) in grid environments.
Methodology
The aim of this project is to develop usable software that addresses the authentication and
authorisation concerns of the RealityGrid Project, and, in so doing, it will actively investigate
usability issues and user security requirements of the grid environments used by that project.
The software development activities will be complemented by formal validation and analysis of
the software developed and its associated security model. The software development team will
work in close conjunction with the developers of the lightweight middleware used by the
RealityGrid Project to ensure that the project's software can be readily integrated
with the appropriate lightweight middleware.
A user-centred design methodology will be employed to ensure that the concerns of the stakeholders
in the RealityGrid Project are central to the software development of this proposal throughout the
development cycle. This will be complemented by frequent user trials of both prototypes and developed
software throughout the project's development cycle. This will ensure that any software produced does
not replicate the failings of so much of the current grid middleware of being too general to be of much
use to any specific group. To analyse the security models, and to model the grid environment appropriately
for the research objectives above, formal methods will be used.
Project team
| People |
Affiliation |
Role |
| Prof P.V. Coveney |
Centre for Computational Science, Department of Chemistry, University
College London |
Principal Investigator |
| Prof P.Y.A. Ryan |
School of Computing Science, Newcastle University |
Co-Investigator |
| B. Beckles |
Computing Service, University of Cambridge |
Co-Investigator |
| Dr A.E. Abdallah |
Institute for Computing Research, Faculty of Business, Computing and
Information Management, London South Bank University |
Co-Investigator |
| Dr S.M. Pickles |
Manchester Computing, University of Manchester |
Co-Investigator |
| Dr J.M. Brooke |
Manchester Computing, University of Manchester |
Co-Investigator |
| Dr F. Hao |
Centre for Computational Science, Department of Chemistry, University
College London |
Software developer |
| Dr J. Bryans |
School of Computing Science, Newcastle University |
Security analyst |
| L. Fazendeiro |
Centre for Computational Science, Department of Chemistry, University
College London |
PhD student |
References
- B. Beckles, P.V. Coveney, P.Y.A. Ryan, A.E. Abdallah, S.M. Pickles,
J.M. Brooke, and M. McKeown, "A user-friendly approach to computational
grid security", Proceedings of the UK e-Science All Hands Meeting 2006. [Paper]
[Presentation]
- P.V. Coveney, R.S. Saksena, S.J. Zasada, M. McKeown and S. Pickles, "The
application hosting environment: Lightweight middleware for grid-based
computational science", Computer Physics Communications, Vol. 176, No.
6, pp. 406-418, March 2007. [Paper]
- B. Beckles, "Re-factoring grid computing for usability", Proceedings of the
UK e-Science All Hands Meeting 2005. [Paper]
- B. Beckles, V. Welch, J. Basney, "Mechanisms for increasing the
usability of grid security", Int. J. Human-Computer Studies,
Vol. 63, No. 1-2, pp. 74-101, July 2005. [Paper]
- P.V. Coveney, J. Vicary, J. Chin and M. Harvey, "WEDS: a Web
services-based environment for distributed simulation", Phil. Trans. R.
Soc. A, Vol. 363, No. 1833, pp. 1807-1816, August 2005. [Paper]
- B. Beckles, "Removing digital certificates from
the end-user's experience of grid environments", Proceedings of the UK e-Science All Hands Meeting
2004. [Paper]
- J. Chin, P.V. Coveney, "Towards tractable toolkits for the Grid:
a plea for lightweight, usable middleware.", UK e-Science Technical Report Number
UKeS-2004-01. [Technical report]
